1. Technical Field
The present disclosure relates to discovering machines and, more specifically, to systems and methods for discovering machines.
2. Description of the Related Art
Computers have become indispensable tools for businesses around the globe. However, computer networks and systems are routinely threatened by a vast number of malicious elements. Among them, malicious programs, such as computer viruses, worms, Trojan horses and the like threaten to inflict costly damage to computers, networks and the valuable data they manage.
Malicious programs are not the only threat that exists. Malicious attacks, such as denial of service attacks, may be launched against a computer network. Like malicious programs, malicious attacks threaten to render expensive computer networks useless.
Computers and computer networks are also threatened by commercial elements, among them, unsolicited commercial email and spyware. Unsolicited commercial email, or spam, can impose a significant burden on limited network resources and employee time.
Spyware, or adware, is a general term for programs that surreptitiously monitor the actions of a computer user. While spyware can sometimes be malicious, for example a remote control program used by a hacker, software companies have been known to use spyware to gather data about customers. In addition to tying up limited resources, spyware can threaten the security of sensitive information.
The use of computers by a business also carries more conventional risks, such as risks associated with the supervision of computer equipment. Computer equipment can be valuable and is often portable thereby creating a risk of theft or loss of equipment.
To combat the various threats to computer networks and systems, a wide variety of tools have been developed. For example, antivirus programs, programs that monitor computer systems for evidence of malicious programs, have proven highly effective against the treat posed by malicious programs. Other examples of countermeasures include firewalls, spam blockers, anti-spyware tools and the like. Additionally, inventory control programs have proven to be a useful method for keeping track of computer equipment.
However these tools can only be effective against the various threats to computer networks and systems when they are properly installed and running on the systems that form networks. For example, before an antivirus program can be effective, it must first be properly installed and running on each computer in the network.
Computer networks are often only as secure as their weakest computer system. For example, a worm infection on a single computer system can potentially bring down an entire computer network. It is therefore of critical importance that network administrators are able to ensure that every computer system on their computer network has the very latest countermeasures.
Systems can be used to ensure that each computer on a computer network has the necessary countermeasures installed and running. However these systems must generally first acquire an accurate list of all computers on the network. On large computer networks, it is often a very difficult task to identify every computer that may be connected to the network.
One way to build a list of all computers on the network is to initiate an Internet Control Message Protocol (ICMP) Packet Internet Groper (PING) sweep (ping sweep). During a ping sweep, an ICMP echo request is sent to every possible internet address that may exist on the various subnets that form the network. If a computer is on the network and receives the ping, the computer generates a return response indicating that it is present. The ping sweep should thereby obtain a list of the internet addresses of every computer on the network at the time the ping sweep was initiated.
The ping sweep has several disadvantages. The ping sweep can require a large amount of network resources and may take a long time to complete. Furthermore, some firewall products prevent a computer from responding to a ping resulting in computers being missed.
Another way to build a list of all computers on the network is to query a database that contains a list of addresses of computers on the computer network. For example, a Windows Internet Naming Service (WINS) database may be queried. A WINS is software which correlates NetBIOS names of computers on a computer network with their internet addresses. NetBIOS names may be given to all Windows computers on a NetBIOS compatible computer network and therefore querying the WINS database may reveal the internet addresses of every Windows compatible computer on the computer network. However, the WINS database generally does not contain the internet addresses of non-Windows compatible computers that may be connected to the computer network.
For example, a Domain Name System (DNS) database may be queried. A DNS is a data query service used to correlate hostnames with internet addresses. A hostname is a unique name given to a computer on a computer network to facilitate electronic communication with that computer. However, DNS databases must be manually maintained by a network administrator and may be incomplete.